Whats with the KDE exploit? Is Fedora patched?
Dotan Cohen
dotancohen at gmail.com
Mon Jan 23 20:55:39 UTC 2006
On 1/23/06, Claude Jones <claude_jones at levitjames.com> wrote:
> On Monday 23 January 2006 3:13 pm, Rahul Sundaram wrote:
> > Follow http://fedoraproject.org/wiki/Security procedures and report it
> > if its not already done in bugzilla. I suspect the security team is
> > already tackling this.
>
> As reported by Fedora-announce, the patch was released on Fri. If you've
> updated since Saturday, you're probably fine --- from the announcement:
>
> "Update Information:
>
> A heap overflow flaw was discovered affecting kjs, the
> JavaScript interpreter engine used by Konqueror and other
> parts of KDE. An attacker could create a malicious web site
> containing carefully crafted JavaScript code that would
> trigger this flaw and possibly lead to arbitrary code
> execution. The Common Vulnerabilities and Exposures project
> assigned the name CVE-2006-0019 to this issue. "
>
> Claude Jones
> Bluemont, VA, USA
>
Then I'm good! I'm signing up for fedora-security (and test). It seems
that the signup form has been removed from fedora.redhat.com. To those
who may look for it:
http://fedoraproject.org/wiki/Communicate#head-e515a6e891efe6e2f1c8faa0434f8b5422510668
There's now 36 different mailing lists for Fedora! You could do one a
day for a month and still have leftovers for a week!
http://technology-sleuth.com/technical_answer/what_is_hdtv.html
More information about the fedora-list
mailing list